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DETAILED ACTION 

Response to Amendment 

1 . The Applicant's amendment, filed 07 July 2008, has been received, entered into 
the record, and respectfully and carefully considered. 

2. As a result of the amendment, claim 21 has been amended. Claims 1 -20 and 
60-61 are canceled. Claims 42-59 and 62-63 are withdrawn from consideration since 
they are non-elected claims. Claims 21-41 have been examined. 

3. Any objection/rejection not repeated below is withdrawn due to Applicant's 
amendment/argument. 

Priority 

4. Applicant claimed the current application is a continuation-in-part of application 
No. 08/388,107 filed on Feb. 13, 1995, now abandoned. 

The Examiner had reviewed carefully the parent application (08/388,107). The 
parent application (08/388,107) only discloses generally a digital certificate as "Other 
installations 600 may trust the "certificate"....". However, the examiner discovered at 
least three claim limitations, receiving a first digital certificate from a user, the first digital 
certificate attesting to at least one attribute of the user, determining, based at least in 
part on the first digital certificate, whether the user is authorized to access the online 
service and if the user is determined by said determining step to be authorized to 
access the online service, issuing a second digital certificate to the user, the second 
digital certificate attesting to the user's permission to access the online service in the 
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independent claim 1 of the current application are not supported by the parent 
application (08/388,107). 

The Applicant is respectfully reminded that the later-filed application must be an 
application for a patent for an invention which is also disclosed in the prior application 
(the parent or original non-provisional application or provisional application). The 
disclosure of the invention in the parent application and in the later-filed application 
must be sufficient to comply with the requirements of the first paragraph of 35 U.S.C. 
112. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551 , 32 
USPQ2d 1077 (Fed. Cir. 1994). 

The disclosure of the prior-filed application, Application No. 08/388,107, fails to 
provide adequate support or enablement in the manner provided by the first paragraph 
of 35 U.S.C. 1 1 2 for one or more claims of this application. 

Accordingly, claims 21-41 are not entitled to the filing date of the prior application 
(08/388,107). 

The examiner further notes in this Office Action, an intervening reference (U.S. 
Pub. No. 2002/0144108) is presented to address Applicant's newly amended limitation 
in claim 21 . 

Information Disclosure Statement 

5. The Applicant appreciates Applicant's good faith in submitting IDS dated 
November 23, 2005. 
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Therefore, the below three references are considered and these references 
do not appear relevant with the instant application. 

> U.S. Patent No. 3,946,200 - Proportional Temperature Controller 

> U.S. Patent No. 4,727,550 - Radiation Source 

> U.S. Patent No. 5,227,797 - Radar Tomography 

Claim Objections 

6. Claims 24-25 are objected to because of the following informalities: 

As per claim 25, "A method as in claim 24" is being recited. However, 
there is no claim 24 on page 3 of the claim. In order to further exam the merits on the 
claim, the examiner assumes the claim prior to claim 25, which has no claim number, is 
claim 24. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 
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4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

9. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 1 03(a). 

10. Claims 21-23, 26-27, 32-33 and 36-41 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Sudia (U.S. Patent No. 5,659,616) and in view of Benantar 
(U.S. Pub. No. 2002/0144108). 

As per claim 21, Sudia discloses a method for providing access to an online 
service ("...electronic commerce business" -e.g. col. 4, lines 52-53), the method 
comprising: 

receiving a first digital certificate from a user, the first digital certificate 
attesting to at least one attribute of the user ("receiving a digital identifying certificate 
issued by a certifying authority and have a plurality of digital fields, at least one of said 
Ifields identifying said user" - e.g. claim 1); 

determining, based at least in part on the first digital certificate, whether the 
user is authorized to access the online service ("When a recipient user (verifier) 
receives a transaction 51 from a sending user, the recipient first uses the sender's basic 
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key certificate 55 to verify the sender's signature 52 on the transaction..." - e.g. col. 9, 
lines 36-40); and 

issuing a second digital certificate to the user, the second digital certificate 
attesting to the user's permission to access the online service ("receiving a digital 
authorization certificate, separate from said identifying certificate and issued by a 
sponsor of said user, and authorizing transactions by said user..." - e.g. claim 1, "....the 
recipient also uses the sender's authorization certificate 56, signed by the sender's 
sponsor 59, to verify..." - e.g. col. 9, lines 36-45). 

Please note further in col. 14, lines 5-18, Sudia also discloses "...it may often 
be helpful to the copy the user's public key out of his basic authentication certificate and 
include it as another attribute in an authorization certificate. This permits the 
authorization certificate to serve both purposes (authentication and authorization) and 
allows the sender to omit the basic authentication certificate from each transaction". It 
is clear that in the Sudia reference, the authentication and authorization certificates are 
either two separate certificates or one authorization certificate to serve both 
authentication and authorization purposes. 

Sudia does not explicitly disclose if the user is determined by said determining 
step to be authorized to access the online service. 

However, Benantar discloses "A common analogy using passports and visas has 
been widely disseminated to explain the differences between public key certificates and 
attribute certificates. A public key certificate can be analogized to a passport. . .In 
contrast, an attribute certificate can be analogized to a visa. A visa is used to gain 
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access somewhere in a manner similar to using an attribute certificate to gain access to 
a system. ...Similarly, an attribute certificate must be accompanied by a public key 
certificate to verify/authenticate the identity of the user..." - e.g. [par. [0053] - [0054] and 
"...common steps, such as verifying the authenticity of a public key certificate .. As 
another example, the attribute certificate authority may verify the identity of the 
user prior to issuing the attribute certificate... "- e.g. par. [0090]. 

Please further note Benantar's public key certificate corresponds to Sudia's 
digital identifying certificate and Benantar's attribute certificate corresponds to Sudia's a 
digital authorization certificate. 

Sudia - Benantar are analogous art because they are from a similar field of 
endeavor in digital certificates. Thus, it would have been obvious to a person with 
ordinary skill in the art, at the time of invention, to modify the teachings of Sudia with 
verify the identity of the user prior to issuing the attribute certificate taught by Benantar 
since it is a common step in the field of digital certificate (e.g. Benantar, par. [0090]) to 
use the trusted relationships associated with digital certificates in order to authenticate 
user access to the systems (e.g. Benantar, par. [0090]). 

As per claims 22-23, Sudia further discloses receiving a request from the user to 
access the online service ("...electronic commerce business" - e.g. col. 4, lines 52-53); 
checking the second digital certificate to determine whether the user has permission to 
access the online service ("verifying said transaction based on information in said 
identifying certificate and in said authorization certificate, said step of verifying including 
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applying said rules... to verify..." - e.g. claim 1); and allowing the user to access the 
online service if it is determined that the user has permission to access the online 
service ("accepting said transaction based on said outcome of said verifying..." - e.g. 
claim 1) and in which said checking step is performed in a protected processing 
environment at a local computer system from which the user made the request to 
access the online service ("a system for securely using digital signatures in a 
commercial cryptographic system..." - e.g. abstract). 



As per claims 26-27, Sudia further discloses providing a third digital certificate to 
the user, the third digital certificate attesting to the identify of the online service, the third 
digital certificate being issued by a certifying authority (e.g. col. 3, lines 48-67, col. 4, 
lines 10-38) and in which the first digital certificate is issued by the certifying authority 
("receiving a digital identifying certificate issued by a certifying authority and have a 
plurality of digital fields, at least one of said fields identifying said user" - e.g. claim 1 ). 

As per claim 32, Sudia further discloses in which the second digital certificate 
attests to the user's permission to access the online service until a specified date 
("Certificates also contain an expiration date..." - e.g. col. 4, lines 1-9). 



Application/Control Number: 10/727,324 Page 9 

Art Unit: 2135 

As per claim 33, Sudia further discloses in which the at least one attribute 
comprises an indication of the amount of purchases the user is allowed to make in a 
given time period (e.g. col. 11, lines 1 1 -41 ). 

As per claims 36-37, Sudia further discloses in which the online service 
comprises a subscription ("...into the attribute certificates of the CA and its 
subscribers.." - e.g. col. 7, lines 37-38) and in which the second digital certificate 
includes an expiration date of the subscription ("Certificates also contain an expiration 
date..." - e.g. col. 4, lines 1-9). 

As per claims 38-39, Sudia further discloses collecting payment information from 
the user (e.g. col. 12, lines 1-18) and further comprising: sending the payment 
information to a financial clearinghouse (e.g. col. 6, lines 1-15 and col. 12, lines 1-18). 

As per claims 40-41, Sudia further discloses collecting information relating to the 
user's use of the online service (col. 12, lines 1-18) and further comprising sending the 
information relating to the user's use of the online service to a usage clearinghouse (e.g. 
col. 6, lines 1-15 and col. 12, lines 1-18). 

1 1 . Claims 24-25 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Sudia (U.S. Patent No. 5,659,616) - Benantar (U.S. Pub. No. 2002/0144108) and 
further in view of Arnold (U.S. Patent No. 5,956,408) 

As per claims 24-25, Sudia - Benantar does not expressly disclose sending 
software to the user. However, this well known feature is disclosed in col. 1, lines 10-14 
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of Arnold reference. It would have been obvious to a person with ordinary skill in the art 
at the time of the invention to incorporate Arnold's sending software to the user with 
Sudia - Benantar since sending software to the user assures security (e.g. Arnold, col. 
5, lines 1-14). 

Arnold further discloses sending a digital signature for determining the integrity of 
the software to the user (Arnold, e.g. abstract) and in which the digital signature is 
bound, at least in part, to the identity of the online service (Arnold, e.g. abstract). 

12. Claim 28 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sudia 
(U.S. Patent No. 5,659,616) - Benantar (U.S. Pub. No. 2002/0144108) and further in 
view of Boulton et al. (U.S. Patent No. 5,537,618) 

As per claim 28, Sudia - Benantar discloses a digital identifying certificate 
issued by a certifying authority and having a plurality of digital fields, at least one of said 
fields identifying said user (Sudia, e.g. claim 1 and Benantar, e.g. par. [0053]). 

Sudia - Benantar does not expressly disclose in which the first digital certificate 
includes an indication of the user's age. 

However, it is well known at the time of the invention age is an attribute to identity 
a user. This well known feature is disclosed in col. 37, lines 32-34 of the Boulton et al. 
reference. 
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It would have been obvious to a person with ordinary skill in the art at the time of 
the invention to incorporate Boulton et al.'s age is an attribute to identity a user into 
Sudia - Benantar since a user's age is one of the attributes that identifying the user. 
1 3. Claims 29-31 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Sudia (U.S. Patent No. 5,659,616) - Benantar (U.S. Pub. No. 2002/0144108) and 
further in view of examiner's official notice. 

As per claims 29-31, Sudia - Benantar does not expressly disclose the first 
digital certificate identifies a party responsible for paying for the user's access to online 
service and sending a request for payment to the party responsible for paying for the 
user's access to online services; and receiving an indication that payment has been 
received and in which the steps of (a) sending a request for payment and (b) receiving 
an indication that payment has been received are performed prior to performing the step 
of sending the second digital certificate to the user. However, Sudia discloses for 
example in fig. 6 monetary limit and further in col. 12, lines 1-5, an online banking 
system is disclosed. The examiner takes official notice that the above missing well 
known features are common knowledge at the time of the invention. It would have been 
obvious to a person with ordinary skill in the art at the time of the invention to combine 
the common knowledge with Sudia - Benantar since they are well known in the art to 
produce predictable results. 
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14. Claims 34-35 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sudia (U.S. Patent No. 5,659,616) - Benantar (U.S. Pub. No. 2002/0144108) and 
further in view of Rebane et al. (U.S. Patent No. 5,978,567) 

As per claims 34-35, Sudia - Benantar does not expressly disclose in which the 
online service comprises an interactive online game. 

However, this well known feature is disclosed in the abstract, col. 1 , lines 48-64, 
col. 3, lines 22-31 and col. 8, line 66 - col. 9, line 12. It would have been obvious to a 
person with ordinary skill in the art at the time of the invention to incorporate Rebane et 
al.'s the online service comprises an interactive online game into Sudia - Benantar since 
online service comprises an interactive online game is offered electronically and 
interactively is well known in the art. (e.g. Rebane et al., col. 1 , lines 48-64). 

Sudia-Rebane et al. further discloses sending software for playing the online 
game to the user in a secure container (Sudia, - e.g. abstract and Rebane et al. - e.g. 
col. 9, lines 37-52). 

Conclusion 

1 5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO -892) 

16. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Contact Information 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to APRIL Y. SHAN whose telephone number is (571)270- 
1014. The examiner can normally be reached on Monday - Friday, 8:00 a.m. - 5:00 
p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/April Y Shan/ 
Examiner, Art Unit 2135 
/KimYen Vu/ 



Supervisory Patent Examiner, Art Unit 2135 



